In our SIEM environment we want to receive syslog from all source IPs through only one custom datasource, listening on a specific port (3514), but we can't configure CIDR 0.0.0.0/0 (IP and mask in the form) in order to listen on all networks. The mask field doesn't accept values less than 1. How can we achieve our objective?
The only way I could think of to do this would be to use a syslog forwarder and send all the data to the forwarder and then send the forwarded logs to the SIEM using the single forwarder IP. You could then create clients under this device to break the forwarded events into the different IPs.
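A sketch of the forwarder approach described in the answer above, written for rsyslog as an added example (not from the original posts or the SIEM vendor). The file name, the ruleset and template names, and the SIEM address 192.0.2.10 are placeholders; it also assumes the SIEM tells clients apart by the host field of the syslog header, which the thread does not confirm.

```conf
# /etc/rsyslog.d/30-siem-relay.conf   (hypothetical file name)
# rsyslog acting as the single forwarder in front of the SIEM.
# The SIEM then needs only one data source: this relay's IP with a /32 mask.

module(load="imudp")
module(load="imtcp")

# Same layout as rsyslog's built-in RSYSLOG_ForwardFormat, except that the
# HOSTNAME field is replaced by the IP address the message was received from.
# That keeps the original sender visible after relaying, because the SIEM
# will otherwise only see the relay's address as the packet source.
template(name="KeepSourceIP" type="string"
         string="<%pri%>%timestamp:::date-rfc3339% %fromhost-ip% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%")

# Dedicated ruleset so relayed traffic never mixes with the relay's own
# local logging. The in-memory queue absorbs short bursts.
ruleset(name="relay_to_siem"
        queue.type="LinkedList" queue.size="50000") {
    action(type="omfwd"
           target="192.0.2.10"      # placeholder: SIEM receiver address
           port="3514"
           protocol="udp"
           template="KeepSourceIP")
}

# Listen on 3514 on all interfaces, from any source address.
# Limit who may reach this port with the host or network firewall,
# since rsyslog itself applies no source filter here.
input(type="imudp" port="3514" ruleset="relay_to_siem")
input(type="imtcp" port="3514" ruleset="relay_to_siem")
```

Validate the file with `rsyslogd -N1` before restarting the service.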